
Morgan Demboski
Morgan is a Threat Intelligence Analyst for the Sophos Managed Detection and Response (MDR) team, where her focuses include tactical cyber intelligence, data enrichment, and monitoring emerging threats. With a Master's in Intelligence and Security Studies, her areas of interest span beyond the cyber realm to include geopolitics and international security. In past roles, Morgan worked in the Network Detection and Response (NDR) space, where she focused on tracking attack patterns, analyzing command-and-control infrastructure, and threat research reporting.
Content by Morgan Demboski

Threat Research
virtual machine
QEMU
PayoutsKing
GOLD ENCOUNTER
CitrixBleed2
QEMU abused to evade detection and enable ransomware delivery
April 16, 2026

Threat Research
Canada
Featured
GOLD BLADE
QWCrypt
recruitment platforms
RedLoader
STAC6565
Sharpening the knife: GOLD BLADE’s strategic evolution
December 5, 2025

Security Operations
Threat Research
Dragonforce
Featured
MSP
Simplehelp
Sophos MDR Incident Response
Sophos X-Ops
supply chain compromise
DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
May 27, 2025

Security Operations
Threat Research
Atera
Featured
legitimate service abuse
MDR
MuddyWater
Phishing
RMM
Sophos X-Ops
STAC 1171
TA450
Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater”
November 20, 2024

Security Operations
Threat Research
BackdoorDiplomacy
Chinese APT
Crimson Palace
Earth Longzhi
Featured
MDR
REF5961
Sophos X-Ops
TA428
Unfading Sea Haze
Crimson Palace returns: New Tools, Tactics, and Targets
September 10, 2024

Security Operations
Featured
human-led threat hunting
MDR
Microsoft SQL Server
Mimic Ransomware
Sophos X-Ops
Sophos MDR hunt tracks Mimic ransomware campaign against organizations in India
August 7, 2024

Security Operations
Threat Research
china
Crimson Palace
EAGERBEE
Earth Longzhi
MDR
Sophos X-Ops
Operation Crimson Palace: A Technical Deep Dive
June 5, 2024

Threat Research
BackdoorDiplomacy
china
EAGERBEE
Earth Longzhi
Featured
RUDEBIRD
Sophos X-Ops
state actors
TA428
threat-hunting
Worok
Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government
June 5, 2024

Security Operations
Threat Research
Akira
ESX Admins
Ligolo-ng
MDR
nssm.exe
Sophos X-Ops
sysmon
XDR
Akira, again: The ransomware that keeps on taking
December 21, 2023